Business Drivers for Zero Trust Security

Businesses today rely heavily on greater connectedness to grow their customer base and expand their market share. To achieve this, enterprise networks should be capable of connecting with customers, partners, stakeholders, vendors, and third-party distributors across geographies via a variety of devices. This poses a serious security risk since it’s impossible to determine the intent of every single endpoint, machine, and application that is connecting to the network.

To counter this challenge, businesses are beginning to consider a ‘zero trust’ approach – trust no connection unless they have been explicitly allowed. The zero-trust security concept paves the way to proactively secure workloads, application environments, users and endpoints against internal and external threat actors. Though this is a fairly new concept for businesses that have relied mostly on perimeter security solutions, the dynamic landscape in which they operate today has many strong drivers for zero trust security adoption.

Move to the Cloud

Applications are moving out of ‘secure’ private data centres and on to the cloud. The pace at which they are moving out is very rapid. According to the Right Scale State of the Cloud Survey 2017, a whopping 79% of company workload is run on the cloud, with 41 % on public cloud and 38% on private cloud.

What does this mean for security? For starters, 41% of the workload is already outside the company’s secure perimeter. This means that apps, data, users, and devices are moving out of the enterprise’s fortifications, and securing them needs a new security paradigm. The old concept of trusting everything inside the perimeter, even assuming it was ever secure, suddenly becomes inapplicable because large portions of enterprise resources now reside outside the fortifications.

Here is where Zero Trust comes in. The rate at which resources are moving out to the cloud is one of the largest business drivers of zero trust.

The digitization of all aspects of business is gathering pace. Everything from customer management to inventory management is going digital. IDC estimates that by end of 2018, spending on Digital Transformation will hit 1.2 Trillion USD. With that sort of investment, the pace of transformation will be very rapid, and that in turn will put stress on the digital infrastructure, including the processes and systems which secure the digital infrastructure. With a larger and more exposed infrastructure, the attack surface will grow exponentially too. Securing this infrastructure will tax the ingenuity of security professionals and calls for a completely different approach to security – enter Zero-Trust!

Diminishing Perimeter Security

As mentioned earlier, the perimeter is of limited efficacy when nearly half of the workload (and increasing) is residing outside it. Not only do critical assets like data and devices now reside outside the fortified perimeter, but workers are increasingly accessing these resources from outside the perimeter. A study by IWG revealed that 70% of the workforce globally access company resources from outside the perimeter at least once a week.

While this does not mean that the perimeter is dead, perimeter-based defences certainly are inadequate in the scary new world. Securing the network infrastructure via ports and protocols and imposing a level of trust on the network no longer works. Security should move up to the application layer. As digital transformation gathers pace, companies are increasing their digital interactions with their partners, vendors, suppliers, and subsidiaries, further loosening the tight perimeter control that existed before. This further increases the attack surface.

Coupled with the weakening of the perimeter and a huge increase in the attack surface, there is another serious threat that is a business driver for Zero Trust: an increasingly sophisticated malware ecosystem. Malware is now being delivered via the network in addition to the traditional vehicles of drive-by, email-borne, and media-borne malware. Wannacry and NotPetya, for instance, were self-propagating and all they needed was an unpatched computer. The scale and sophistication of these attacks mean that they can persist for several years.

The worming ability of these self-propagating malware along with their long persistence cycle in organization computers needs a granular level of segmentation to contain them.

Malware have evolved to evade sandboxes, exhibiting benign behaviour is sandboxes by a variety of evasion techniques. For example, there is ‘split’ malware, with each individual executable behaving normally when tested individually, but turning into malware when combined. Another example is the ‘document_close’ triggered macros, which evade sandboxes because sandboxes seldom test what happens when a document is closed, and this variety of malware use the document_close event to trigger themselves.

Malware are increasingly using encrypted and legitimate channels like Drobox as their command and control channels (C&C), and it is greatly hampering security professionals’ ability to detect and neutralize C&C systems of malware.

Conclusion

The use of cryptography in C&C calls for a high level of visibility, analytics, artificial intelligence and machine learning to detect malware communications. Micro-segmentation down to machine levels and even process levels may be required to assure a level of safety. This calls for a wholistic security solution encompassing user access control, device control, highly granular segmentation, deep vsibility and analytics, and in critical cases, even process lockdown if true zero trust security has to be achieved.

Arif Shouqi is the Vice President of Engineering at ColorTokens Inc, where he is responsible for driving innovation and product excellence. He is an engineering leader with over 29 years of deep experience in setting up and leading large engineering organizations. After 12 years of distinguished service in various arms of the Indian Air Force, he took on senior leadership roles with network security pioneers like CISCO, Ericsson, and Akamai Technologies. He uses his vast domain expertise to write on security, cloud, and networking technologies.

Latest Videos

Hear from Invictus Games Sydney 2019 CEO, Patrick Kidd OBE and Head of Technology, @James-d-smith -share their insights on how they partnered with Unisys to protect critical data over an open, public WiFi solution.

With so much change all the time, how can executives best prepare their businesses to meet the security challenges of the coming years? CSO Australia, in conjunction with Mimecast, explored this question in an interactive Webinar that looks at how the threat landscape has evolved – and what we can expect in 2019 and beyond.

According to new research conducted by the Ponemon Institute, Australia and New Zealand have the highest levels of data breaches out of the nine countries investigated. This was linked to heavy investment in security detection and an under-investment in security and vulnerability response capabilities

Copyright 2019 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.